add incomplete sib heuristic

lib/src/analysis/analyzer.rs

@@ -9,9 +9,9 @@ use crate::{diag::MessagesContainer, gsmtap_parser};
 
 use super::{
     connection_redirect_downgrade::ConnectionRedirect2GDowngradeAnalyzer,
-    imsi_requested::ImsiRequestedAnalyzer, information_element::InformationElement,
-    nas_null_cipher::NasNullCipherAnalyzer, null_cipher::NullCipherAnalyzer,
-    priority_2g_downgrade::LteSib6And7DowngradeAnalyzer,
+    imsi_requested::ImsiRequestedAnalyzer, incomplete_sib::IncompleteSibAnalyzer,
+    information_element::InformationElement, nas_null_cipher::NasNullCipherAnalyzer,
+    null_cipher::NullCipherAnalyzer, priority_2g_downgrade::LteSib6And7DowngradeAnalyzer,
 };
 
 #[derive(Debug, Clone, Deserialize, Serialize)]
@@ -22,6 +22,7 @@ pub struct AnalyzerConfig {
     pub lte_sib6_and_7_downgrade: bool,
     pub null_cipher: bool,
     pub nas_null_cipher: bool,
+    pub incomplete_sib: bool,
 }
 
 impl Default for AnalyzerConfig {
@@ -32,6 +33,7 @@ impl Default for AnalyzerConfig {
             lte_sib6_and_7_downgrade: true,
             null_cipher: true,
             nas_null_cipher: true,
+            incomplete_sib: true,
         }
     }
 }
@@ -169,6 +171,10 @@ impl Harness {
             harness.add_analyzer(Box::new(NasNullCipherAnalyzer::new()))
         }
 
+        if analyzer_config.incomplete_sib {
+            harness.add_analyzer(Box::new(IncompleteSibAnalyzer::new()))
+        }
+
         harness
     }
 

lib/src/analysis/incomplete_sib.rs

@@ -0,0 +1,68 @@
+use std::borrow::Cow;
+
+use telcom_parser::lte_rrc::{BCCH_DL_SCH_MessageType, BCCH_DL_SCH_MessageType_c1};
+
+use super::analyzer::{Analyzer, Event, EventType, Severity};
+use super::information_element::{InformationElement, LteInformationElement};
+
+pub struct IncompleteSibAnalyzer {
+    packet_num: usize,
+}
+
+impl Default for IncompleteSibAnalyzer {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl IncompleteSibAnalyzer {
+    pub fn new() -> Self {
+        Self { packet_num: 0 }
+    }
+}
+
+impl Analyzer for IncompleteSibAnalyzer {
+    fn get_name(&self) -> Cow<str> {
+        Cow::from("Incomplete SIB")
+    }
+
+    fn get_description(&self) -> Cow<str> {
+        Cow::from("Tests whether a SIB1 message contains a full chain of followup sibs")
+    }
+
+    fn get_version(&self) -> u32 {
+        1
+    }
+
+    fn analyze_information_element(&mut self, ie: &InformationElement) -> Option<Event> {
+        self.packet_num += 1;
+
+        let sch_msg = match ie {
+            InformationElement::LTE(lte_ie) => match &**lte_ie {
+                LteInformationElement::BcchDlSch(sch_msg) => sch_msg,
+                _ => return None,
+            },
+            _ => return None,
+        };
+        let BCCH_DL_SCH_MessageType::C1(BCCH_DL_SCH_MessageType_c1::SystemInformationBlockType1(
+            sib1,
+        )) = &sch_msg.message
+        else {
+            return None;
+        };
+
+        if sib1.scheduling_info_list.0.len() < 2 {
+            return Some(Event {
+                event_type: EventType::QualitativeWarning {
+                    severity: Severity::Medium,
+                },
+                message: format!(
+                    "SIB1 scheduling info list was malformed (packet {})",
+                    self.packet_num
+                )
+                .to_string(),
+            });
+        }
+        None
+    }
+}

lib/src/analysis/mod.rs

@@ -1,6 +1,7 @@
 pub mod analyzer;
 pub mod connection_redirect_downgrade;
 pub mod imsi_requested;
+pub mod incomplete_sib;
 pub mod information_element;
 pub mod nas_null_cipher;
 pub mod null_cipher;